Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Running NetBackup services with non-privileged user (service user) account
  4. Giving access permissions to service user account on external paths
NetBackup™ Security and Encryption Guide

Giving access permissions to service user account on external paths

NetBackup operations fail if the service user account does not have access permissions on directory paths that are external to NetBackup and their contents. Other than the installation directory, all external paths must be accessible by the service user account, for example:

  • Disaster recovery (DR) path

  • External CA certificate paths

  • External paths that are used as parameters to the following commands:

    • nbdb_admin

    • create_nbdb

    • nbdb_move

    • nbdb_backup

    • nbdb_restore

    • nbdb_unload

    • cat_export

    • cat_import

To give access permissions to service user account on external paths

  1. Ensure that the paths that are specific to NetBackup operations are not shared across multiple users on the host.
    • On UNIX, ensure that the paths are not as follows:

      /tmp, /root, or home directory of any other non-root user

    • On Windows, ensure that the paths are not directories of a different user account that resides in C:\users.

  2. Run the following command to give access to the service user account on external paths and their contents:
    • On UNIX: chown -R service_user_name path

      After the chown command is run, verify if the service user can write to the specified path using the following command:

      su service_user_name -c "touch path/test.txt"

    • On Windows: netbackup_install_path\NetBackup\bin\goodies\nbserviceusercmd.exe -addacl path -reason reason

Feedback

Was this page helpful?
Previous

Changing a service user account after installation or upgrade

Next

NetBackup services that run with the service user account

Feedback

Was this page helpful?